• moderiert von:
  • Forenmoderatoren
Zum aktuellsten Beitrag
desa-2008-001: linux-2.6 -- missing access checks
  • verfasst: 11.02.2008, 22:40
     
    registriert:
     November 2007
    Status:
    offline
    letzter Besuch:
    21.08.08
    Beiträge:
    2474
    Absender: morten werner forsbring
    1. --RnlQjJ0d97Da+TV1
    2. Content-Type: text/plain; charset=us-ascii
    3. Content-Disposition: inline
    4. Content-Transfer-Encoding: quoted-printable
    5.  
    6. - --------------------------------------------------------------------------
    7. Debian-Edu/Skolelinux Security Advisory DESA 2008-001
    8. http://www.skolelinux.org/security/                  Morten Werner Forsbring
    9. February 11th, 2008              debian-edu-security@lists.alioth.debian.org
    10. - --------------------------------------------------------------------------
    11.  
    12. Package             : linux-2.6
    13. Vulnerability       : missing access checks
    14. Problem-Type        : local
    15. Need reboot         : yes
    16. Debian-Edu-specific : no
    17. CVE ID              : CVE-2008-0010 CVE-2008-0163 CVE-2008-0600
    18. DSA ID              : DSA-1494-1
    19.  
    20.  
    21. The vulnerability described in this DESA affects Debian Edu/Skolelinux
    22. 3.0 (codename terra) based on Debian GNU/Linux 4.0 (codename etch).
    23.  
    24. An internal system call in ther Linux-kernel did not properly verify
    25. address arguments passed by user space processes. This can be used to
    26. gain root privileges. For the details, please take a look at the DSA
    27. =66rom Debian:
    28.  
    29.   http://www.debian.org/security/2008/dsa-1494
    30.  
    31. We recommend that you upgrade your kernel packages to the new 2.6.18
    32. packages built for Debian immidiately and then reboot your system(s).
    33.  
    34.  
    35. Upgrade Instructions
    36. - --------------------
    37.  
    38. Make sure 'deb http://security.debian.org/debian etch/updates main' or
    39. similar is present in your /etc/apt/sources.list and run 'aptitude update'=
    40. =20
    41. to update your package lists.
    42.  
    43. Find which flavour of the kernel you are running with the command
    44. 'uname -r' (examples: 386, 586tsc, 686, 686-smp, k6, k7, k7-smp).
    45.  
    46. To upgrade, run this command replacing <flavour> with yours:
    47.  
    48.   aptitude install linux-image-2.6.18-6-<flavour>
    49.  
    50. Remember that you have to reboot your system(s) after upgrading this
    51. package. If you are unfamiliar with kernel upgrades, please visit our
    52. mini-HOWTO on this subject:
    53.  
    54.   http://www.skolelinux.org/security/kernel-upgrade
    55.  
    56. - --------------------------------------------------------------------------
    57. Mailing lists: debian-edu-announce@lists.debian.org
    58. Package info: `apt-cache show <pkg>'
    59.  
    60.  
    61. --RnlQjJ0d97Da+TV1
    62. Content-Type: application/pgp-signature; name="signature.asc"
    63. Content-Description: Digital signature
    64. Content-Disposition: inline
    65.  
    66. -----BEGIN PGP SIGNATURE-----
    67. Version: GnuPG v1.4.6 (GNU/Linux)
    68.  
    69. iD8DBQFHsMMWw951rgNrq40RAqZ8AKCKZwzuhb+9HUUbSwodl2z+bvmBigCgper6
    70. O0PzkggRT0D1g/8EKVQstQg=
    71. =MUam
    72. -----END PGP SIGNATURE-----
    73.  
    74. --RnlQjJ0d97Da+TV1--
    75.  
    76.  
    77. --
    78. To UNSUBSCRIBE, email to debian-edu-announce-request@lists.debian.org
    79. with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

 Suchen:


 Umfrage

(Nur für angemeldete Benutzer)

Was wird hier am meisten vermisst?

[ Ergebnis | Umfragen ]

Stimmen: 621
Kommentare: 0

 Zitate

File not found. Should I fake it? (Y/N)

-- anonymous